This is my winning solution for a faculty SQL Injection contest I participated in in 2021.
The main challenge was to find inventive and playful ways to exploit database-connected applications that are vulnerable to this kind of attack.
Therefore, I used two applications: one that was entirely coded by me, and the other a vulnerable web service hosted on a Linux server. It was fun ( ͡° ͜ʖ ͡°).
Below is the complete description of the exploitation process / write-up.
The GitHub repo for this solution can be found here.
The above PDF and video demo can be found here.